Using UPnP
UPnP (Universal Plug and Play) makes connecting PCs of all form factors, intelligent appliances, and wireless devices in the home, office, and everywhere in between easier and even automatic by leveraging TCP/IP and Web technologies. UPnP can be supported on essentially any operating system and works with essentially any type of physical networking media, wired or wireless.
UPnP also supports NAT Traversal, which can automatically solve many NAT-unfriendly problems. Through UPnP, applications assign dynamic port mappings on the Internet gateway and delete the mappings when the connections are complete.
The key components in UPnP are devices, services, and control points.
UPnP Operations
Addressing: UPnPv1 devices MAY support IPv4, IPv6, or both. For IPv4, each device should have a DHCP client; when the device is connected to the network, it looks for a DHCP server on the network to get an IP address. If no DHCP server is found, the Auto-IP mechanism should be supported so that the device can give itself an IP address (169.254.0.0/16).
Discovery: Whenever a device is added to the network, it advertises its services over the network. Control points can also discover services provided by devices.
Description: Control points can get more detailed service information from a device's description in XML format. The description may include the product name, model name, serial number, vendor ID, embedded services, etc.
Control: Devices can be manipulated by control points through control messages.
Eventing: Devices can send event messages to notify control points of any update to the services they provide.
Presentation: Each device can provide its own control interface through a URL, so that users can open the device's presentation web page at that URL to control the device.
In this example, we will introduce how to enable the UPnP function in ZyXEL devices. Currently, Microsoft MSN is the most popular application making use of UPnP, so we take the Microsoft MSN application as an example in this support note. You can learn how MSN benefits from the NAT traversal feature of UPnP in this application note.
In the diagram, suppose PC1 and PC2 both sign in to the MSN server, and they would like to establish a video conference. PC1 is behind a PPPoE dial-up router which supports UPnP. Since the router supports UPnP, we don't need to set up a NAT mapping for PC1. As long as we enable the UPnP function on the router, PC1 will assign the mapping to the router dynamically. Note that since PC1 must support UPnP, we presume that its OS is Microsoft WinME or WinXP.
Device: PPPoE Dial-up Router
Service: NAT function provided by PPPoE Dial-up Router
Control Point: PC1
1. Enable the UPnP function in the ZyXEL device
Go to Advanced->UPnP and check two boxes, Enable PnP feature and Allow users to make...
The first check box enables the UPnP function in this device.
The second check box allows users' applications to change the configuration of this device. For instance, if you enable this item, a user's MSN application can assign dynamic port mappings to the router, so the network administrator doesn't need to set up SUA port mapping in the router.
2. After getting an IP address, open the MSN application on the PC and sign in to the MSN server.
3. Start a Video conversation with one online user.
4. On the opposite side, your partner selects Accept to accept your conversation request.
5. Finally, your video conversation is established.
3. View dynamic ports opened by UPnP
When using UPnP, if the ZyXEL device is configured as "Allow users to make configuration changes through UPnP", the device will accept any port opening request sent by the UPnP protocol. Such behaviour also adds some risk to your internal LAN. For security's sake, we provide a CI command for users to view the currently opened ports.
Go to the SMT menu and type the command "ip nat server disp" to display the dynamic port mappings. Please note that the UPnP dynamic port mappings run from item 13 to 35.
ras> ip nat server disp
Server Set: 1
Rule name Svr P Range Server IP LeasedTime Active protocol Int Svr P Range Remote Host IP Range
--------------------------------------------------
1 DMZ default 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
2 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
3 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
4 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
5 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
6 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
7 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
8 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
7 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
8 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
9 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
10 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
11 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
12 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
13 msnmsgr (192.168.1.33:12288) 35 35313 - 35313 192.168.1.33 0 YES UDP 12288 - 12288 0.0.0.0 - 0.0.0.0
14 msnmsgr (192.168.1.33:7173) 360 36061 - 36061 192.168.1.33 0 YES TCP 7173 - 7173 0.0.0.0 - 0.0.0.0
15 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
16 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
17 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
18 0 - 0 0.0.0.0 0 <deleted...>
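Because the device accepts any port opening request sent through UPnP, the output of "ip nat server disp" is worth checking against the LAN hosts that are expected to open ports. The following is an added example, not ZyXEL code: a parser for the row layout shown above that lists the active rules in items 13 to 35 and flags those forwarding to an unexpected host. The function names, the expected-host list and sample row 20 are assumptions made for the illustration.

```python
import re

# One rule row of "ip nat server disp"; the rule name is optional and may contain spaces.
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<name>.*?)\s*"
    r"(?P<ext_lo>\d+)\s*-\s*(?P<ext_hi>\d+)\s+"
    r"(?P<host>\d+\.\d+\.\d+\.\d+)\s+(?P<lease>\d+)\s+"
    r"(?P<active>yes|no)\s+(?P<proto>\w+)\s+"
    r"(?P<int_lo>\d+)\s*-\s*(?P<int_hi>\d+)\s+"
    r"(?P<remote_lo>\S+)\s*-\s*(?P<remote_hi>\S+)\s*$",
    re.IGNORECASE,
)

# Rows 12-15 follow the output above; row 20 is constructed for the demonstration.
SAMPLE = """\
12 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
13 msnmsgr (192.168.1.33:12288) 35 35313 - 35313 192.168.1.33 0 YES UDP 12288 - 12288 0.0.0.0 - 0.0.0.0
14 msnmsgr (192.168.1.33:7173) 360 36061 - 36061 192.168.1.33 0 YES TCP 7173 - 7173 0.0.0.0 - 0.0.0.0
15 0 - 0 0.0.0.0 0 No ALL 0 - 0 0.0.0.0 - 0.0.0.0
20 unknown 3389 - 3389 192.168.1.50 0 YES TCP 3389 - 3389 0.0.0.0 - 0.0.0.0
"""

def upnp_mappings(output, first=13, last=35):
    """Active rules in the item range the note gives for UPnP (13 to 35)."""
    found = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, DMZ row or truncated line
        idx = int(m["idx"])
        if first <= idx <= last and m["active"].lower() == "yes":
            found.append({
                "item": idx,
                "name": m["name"],
                "proto": m["proto"].upper(),
                "external": (int(m["ext_lo"]), int(m["ext_hi"])),
                "host": m["host"],
                "internal": (int(m["int_lo"]), int(m["int_hi"])),
            })
    return found

def unexpected(mappings, expected_hosts):
    """Mappings that forward to a LAN host not on the expected list."""
    return [m for m in mappings if m["host"] not in expected_hosts]

if __name__ == "__main__":
    active = upnp_mappings(SAMPLE)
    for m in unexpected(active, {"192.168.1.33"}):
        print("review item", m["item"], m["proto"], m["external"], "->", m["host"])
```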